I would suggest just using a simple static hosted site in a bucket
fronted with a ssl load balancer. It really sucks, but that's the
easiest way I found.
If you're using Java, get HmacUtils from commons-codec. Then you just
pass your sig key like so and can compare with hmacHex on the body. It
will return the hash as a string then you just compare them. HmacUtils h
= new HmacUtils(HMAC_SHA_512, "");h....
Haha, I didn't think of using just the loopback IP address instead of
localhost. Good find, but really silly that localhost is blocked. Be
aware though, that I ran into some issues with the iFrame closing
properly when it can't fetch the iFrameCommun...
It doesn't support 'localhost' anymore as far as I know. I ended up
doing what you did with fake domain. If you want to test the
iFrameCommunicator with it, then it's better to actually use a static
hosting service like S3 with AWS.